Cisco Blogs


Cisco Blog > Mobility

Wireless Security and Monitoring via the Cisco Aironet 3600 Expansion Module

A recent highway project in Orlando had proposed that an off-ramp be built for a future neighborhood and development center. Because the area was planned for future development, this caused some debate within the community. Some argued that that there was no point to spending money on something that might not be possible in the future. Others argued that it was good idea to build the off-ramp and spend the money now so when the neighborhood and development center was ready, a cost savings would occur since building it now would save money in the future. Both sides have good arguments and after some healthy debate, the off-ramp was built for the future neighborhood and development center, which both are now thriving.

Well, what does this have to do with Cisco and wireless technology? This is a good example of how the 3600 Access Point was designed. Even with the pressures of time to market and cost management, the development team took the extra time to add the option for future modular expansion. The same debates in the Orlando community took place here between development engineering and product management. “It will cost too much and delay the release of the product (especially in an industry where time to market is essential)” versus “Let’s have modularity so we can address whatever future technology is available so our customers can take advantage of it without having to rip & replace their APs”. We like to say we’re “future proofing” the AP.

Well, the future proofing argument won, and the 3600 was released last January with an expansion module for additional features and emerging technology. Already in May  we announced the 802.11ac Radio Module that will support the emerging standard.

Now, we have another addition to this expansion: the Security and Monitor Module. Read More »

Tags: , , , , ,

Simplifying PCI Compliance for SMBs

Payment Card Industry (PCI) compliance can often be overwhelming for all enterprises, let alone small and medium businesses (SMBs).  Given limited budgets and IT resources, SMBs face an even greater challenge than large enterprises.

The PCI Data Security Standard (DSS) 2.0 is complex on several levels:

  • It requires expertise on a range of network systems and security technologies.
  • It requires continual monitoring and management of access to cardholder data.
  • There is no “silver bullet” technology that can address a growing list of detailed standards and requirements. Technologies such as encryption, tokenization, as well as Europay, MasterCard, and Visa (EMV) smartcards address portions of your infrastructure, but none provide a single compliance solution.
  • It’s dynamic and requires ongoing diligence.  Being compliant at the time of your audit is a snapshot in time that requires simplified maintenance.

These requirements take time, effort and funding, which are all in short supply in SMBs.

Help is at hand. Cisco and many of its partners offer cost-effective PCI compliance services--including assistance for SMBs as they complete their self-assessment questionnaire or assess PCI readiness.   In a recent article  authored by Cisco and partners Verizon Business and Presidio, we examine ways to simplify compliance for small and medium businesses.  Learn the 5 key strategies to securing your customer information while incorporating security best practices from Aaron Renolds, QSA and Principal Consultant at Verizon Enterprise Solutions and Sean Wallis, Senior Security Consultant at Presidio Networked Solutions.

Advice to Managers: Five Ways to Simplify Your PCI 2.0 Compliance:

http://www.cisco.com/cisco/web/solutions/small_business/resource_center/articles/do_business_better/advice_to_managers/index.html

Tags: , , , , , , ,

“War, what is it good for” as a security metaphor?

I have a thing for metaphors. I wrote my dissertation on them. And they have helped me enormously as a non-engineer working in IT security.

Metaphors are powerful tools (that’s a metaphor, by the way). Literally referring to something as something else enables us to make mental connections between concepts that are not really the same. War and weapons have proven historically useful metaphors. In wartime, everything changes. We look at the situation, our opponents, and even ourselves very differently (I like the image of a noble warrior on the battlefield more than that of a guy who spends most of his day sitting and typing…)

But metaphors also cause trouble, especially when we use them to over-simplify. I am skeptical of “security as war” metaphors, including that of the arms race. The metaphor detracts from the very real threats of cyber- and information warfare. War doesn’t define security any more than war defines firearms. Unless we are specifically talking about threats from nation states (and a few other actors) using information technology as part of armed conflict, we are not talking about war. And this is not what we are usually talking about in information security.

Read More »

Tags: , , , ,

Network Defense at Blackhat 2012

Just back from presenting lab-based training session Detecting & Mitigating Attacks Using Your Network Infrastructure with Joe Karpenko at Blackhat USA 2012. Great to see a Defense track of Briefings which included Intrusion Detection Along The Kill Chain: Why Your Detection System Sucks And What To Do About It and more of an emphasis on protecting or remediating network infrastructures in topics like Targeted Intrusion Remediation: Lessons From The Front Lines. I attended several of these briefings and was impressed with the breadth of information provided for network operators. The Defense briefings align well with the network security best practices advocated by Cisco and presented in our training. These best practices include: Read More »

Tags: , , ,

Work Your Way, Securely

August 2, 2012 at 11:17 am PST

Hear how financial innovator Diebold gains visibility and control of the 87,000 devices on their network. David Kennedy, former Chief Security Officer at Diebold recognizes there is no stopping new mobile devices and sets course to secure the organization while ensuring the business may continue to generate revenue. Workers want to work their way securely and prefer that the security is transparent so that they have the optimal experience. He speaks to the unique granularity that the Cisco Identity Services Engine (ISE) offers to segment access by user, device, access method, posture, and time. So that engineers may have access to their codebase while marketing professionals like me have no access from my new iPad:

Read More »

Tags: , , , ,